There was a local conference that was privileged to host the Pros Vs Joes CTF a few years ago, and if you got to play, I’m sure you can attest to how fun (or agonizing) it was. If you’ve been able to attend BSidesLV in the past couple of years, this very game has been played in the back of the common area. No, you would not have heard much hubbub, as most players are hunched over their laptops, trying to hide the tears leaking from their eyes.
Why this mix of joy and pain?
Pros Vs. Joes has been described as ‘an entire year of experience in two seven-hour days.’ I’ve described it myself (Sean) as the most intense training experience I’ve ever had.
Imagine this: You have just been hired, along with the rest of your team, by a typical corporate entity, with a typical IT infrastructure (a few web sites, a shopping cart, some databases, a CMS, phones, email, domain controller, etc.), and typical corporate needs (get users added/removed, grant access to drives or FTP, keep the web presence online, make sure email and phones are working, etc.). Why has the *entire* team been hired today? Because the last team wasn’t able to get the hackers out. It’s been going on and on, email and phones haven’t been reliable, the web sites are being hacked, data has been exfiltrated. Corporate management had a complete lack of faith in the security team’s ability to solve it, so they cleaned house. This is where you come in. The hackers are already in. You’re already behind the 8-ball. You need to get them out now, and keep them out, and keep all the corporate distractions at rest.
This is day one of Pros Vs. Joes. You’re hitting the ground running, with the Pros (the red team) *already* in your network. You spend the day finding them and getting them out, while keeping all the services up, and taking care of all the IT service desk tickets. This is pure Blue Team, and it’s intense. In our day jobs, we all do our best to plan for the worst, and for some of us, that day comes, and then it goes. You’re not sure who it was, and incident management will take some time before you can assess just what happened. For this one day, you *know* that you’re being aggressively attacked by professional hackers. And they’re relentless. There’s a scoreboard that shows services being up or down, and a list of beacons within your network, pinging out to the ‘C&C’ under the control of the hackers. Sound intense? You better believe it.
Day Two: Complete reset of the environment. Call it a Groundhog Day repeat. But this time you’re wearing two hats. You’re protecting your network, keeping everything up, and taking care of the IT tickets. But you’re also wearing your red hat, and you’re attacking the other teams. Yesterday, everyone was Blue. Today, everyone is Purple. And the local Pros have been assigned to join a team, and they’ll help you attack the other guys. Now your score will be based on keeping everything running and up, AND the flags you can steal from your opponents. Any beacons you can get in their network don’t boost your score, but they stop theirs from increasing.
Sound fun? Oh, it is. Sound intense? Oh, it really is.
I’m hooked. I played in Las Vegas in 2015, and our team won. I know why, and it wasn’t me. I played in Vegas again in 2016, and we did not win. I know why, and it wasn’t ALL me. I played again in 2017 as a Pro. I don’t think I’m ready to compete in the DefCon CTF, but I will try my best at the Pros Vs Joes CTF, any year I can. And at any venue I can (Pros Vs Joes CTF is now branching out to other cons, beyond just BSides events).
We have room for more players, both Pros and Joes. If you think you can at least keep your head above water, then we would love to give you a seat at a table. https://docs.google.com/forms/d/e/1FAIpQLSe69etuakIuet3eSuR4i59gNKYfDN8RxLe1zclxa-_oaTTo6Q/viewform
One of my favorite things about running the Pros Vs. Joes CTF this year is that we’re doing this Wednesday and Thursday, so you’ll not miss any talks on Friday. With the con being small (we’re starting brand new this year), it would be tragic to have you tied up in the CTF for two days and not be able to catch the talks. So I’m very happy we’ve figured out a way to make this work for everyone.
Once you’ve registered for the con, come sign up to play in the CTF. It’ll be an experience you’ll never forget.